[openssl-dev] Work on a new RNG for OpenSSL
Kurt Roeckx
kurt at roeckx.be
Tue Jun 27 16:47:04 UTC 2017

On Tue, Jun 27, 2017 at 02:42:52PM +0200, Matthias St. Pierre wrote:
>
> So I have two questions:
>
> - Do you intend to continue supporting RAND_set_rand_method() or will there only be one 'perfect' random generator and no choice anymore?

I think we should have a default one, but an option to have a
different one.

> - Do you consider the SP800-90A DRBG outdated or will there be a chance that it will be added to the OpenSSL master as
> officially supported RAND method?

I think we should have at least 1 that follows SP800-90A, it's
clearly something some people will need.

> - Will the new OpenSSL RNG support a way to configure reseed intervals and external entropy sources in a similar fashion
> as the FIPS DRBG did?

It should at least reseed by default. Having an option to change
the default interval might make sense.

There clearly should be a way to use a source other than the one
provided by the kernel, which I think is needed for SP800-90A.

Kurt